usbFilter/scripts/libusbHook.js

console.log("Starting libusb_submit_transfer hook script...");

// 传输类型枚举
const LIBUSB_TRANSFER_TYPE = {
    0: "CONTROL",
    1: "ISOCHRONOUS", 
    2: "BULK",
    3: "INTERRUPT"
};

// Hook libusb_submit_transfer
const submit_transfer_symbol = DebugSymbol.fromName("libusb_submit_transfer");
console.log("libusb_submit_transfer symbol info:", submit_transfer_symbol);

if (submit_transfer_symbol && submit_transfer_symbol.address && !submit_transfer_symbol.address.isNull()) {
    Interceptor.attach(submit_transfer_symbol.address, {
        onEnter: function(args) {
            var transfer = args[0];
            if (!transfer || transfer.isNull()) {
                return;
            }
            
            try {
                // 检测系统架构
                var ptrSize = Process.pointerSize;
                var is64bit = (ptrSize === 8);
                
                var endpoint, type, length, buffer;
                
                // 根据架构读取结构体成员
                if (is64bit) {
                    endpoint = transfer.add(9).readU8();          // 0x09
                    type = transfer.add(10).readU8();             // 0x0A
                    length = transfer.add(20).readU32();          // 0x14
                    buffer = transfer.add(48).readPointer();      // 0x30
                } else {
                    endpoint = transfer.add(5).readU8();          // 0x05
                    type = transfer.add(6).readU8();              // 0x06
                    length = transfer.add(16).readU32();          // 0x10
                    buffer = transfer.add(32).readPointer();      // 0x20
                }
                
                // 准备发送的数据
                var messageData = {
                    function: "libusb_submit_transfer",
                    transferType: LIBUSB_TRANSFER_TYPE[type] || "UNKNOWN",
                    endpoint: "0x" + endpoint.toString(16),
                    direction: (endpoint & 0x80) ? "IN" : "OUT",
                    length: length,
                    buffer: null
                };
                
                // 读取缓冲区数据
                if (!buffer.isNull() && length > 0) {
                    try {
                        var bufferData = [];
                        var maxBytes = Math.min(length, 1024); // 最多读取1024字节
                        
                        for (var i = 0; i < maxBytes; i++) {
                            bufferData.push(buffer.add(i).readU8());
                        }
                        
                        messageData.buffer = bufferData;
                        messageData.bufferTruncated = length > maxBytes;
                        
                    } catch (readErr) {
                        messageData.buffer = null;
                        messageData.error = "Failed to read buffer: " + readErr.message;
                    }
                }
                
                // 发送数据
                send(messageData);
                
            } catch (e) {
                send({
                    function: "libusb_submit_transfer",
                    error: "Failed to parse transfer structure: " + e.message
                });
            }
        }
    });
    console.log("Successfully hooked libusb_submit_transfer");
} else {
    console.log("libusb_submit_transfer not found");
}

console.log("libusb_submit_transfer hook script loaded successfully!");